OCSP
E792087
OCSP (Online Certificate Status Protocol) is an internet protocol used to obtain the real-time revocation status of digital certificates in public key infrastructures.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
PKI protocol
ⓘ
internet protocol ⓘ |
| abbreviationFor | Online Certificate Status Protocol NERFINISHED ⓘ |
| addressesProblem |
bandwidth overhead of CRLs
ⓘ
latency of CRL distribution ⓘ |
| alternativeTo | certificate revocation lists ⓘ |
| canBe | mandatory in some security policies ⓘ |
| category | certificate status protocol ⓘ |
| checksStatusOf | X.509 digital certificate ⓘ |
| clientTypicallyIs |
TLS client
ⓘ
web browser ⓘ |
| definedFor | X.509 PKI NERFINISHED ⓘ |
| definedInRFC | RFC 6960 NERFINISHED ⓘ |
| fullName | Online Certificate Status Protocol NERFINISHED ⓘ |
| hasVariant |
OCSP stapling
ⓘ
TLS Certificate Status Request extension NERFINISHED ⓘ |
| improves | timeliness of revocation information ⓘ |
| mayLeak | client browsing behavior if queried directly ⓘ |
| obsoletes | RFC 2560 NERFINISHED ⓘ |
| operatesBetween | OCSP client and OCSP responder ⓘ |
| purpose | obtain real-time revocation status of digital certificates ⓘ |
| relatedStandard | RFC 5019 NERFINISHED ⓘ |
| reliesOn | trust in OCSP responder certificate ⓘ |
| replaces | CRL polling in some deployments ⓘ |
| requestFormat | ASN.1 ⓘ |
| responderTypicallyIs | certificate authority service ⓘ |
| responseFormat | ASN.1 NERFINISHED ⓘ |
| responseSignedBy |
OCSP responder
ⓘ
certificate authority ⓘ |
| RFC 5019Defines | lightweight OCSP profile ⓘ |
| roleInSecurity | certificate revocation checking ⓘ |
| specifiedIn | PKIX standards ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| supportsExtension |
CRL references
ⓘ
archive cutoff ⓘ nonce ⓘ service locator ⓘ |
| supportsStatus |
good
ⓘ
revoked ⓘ unknown ⓘ |
| transportsOver |
HTTP
NERFINISHED
ⓘ
HTTPS ⓘ |
| usedIn |
HTTPS
NERFINISHED
ⓘ
TLS NERFINISHED ⓘ X.509 certificate validation ⓘ public key infrastructure ⓘ |
| usesCryptography | public key cryptography ⓘ |
| usesModel | request-response ⓘ |
| usesSignatureAlgorithm | digital signatures ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.